Yellow Dog Linux Security Advisory: YDU-20020801-2
Dan Burcaw
yellowdog-updates@lists.terrasoftsolutions.com
Thu, 1 Aug 2002 15:55:59 -0600 (MDT)
Yellow Dog Linux Security Announcement
--------------------------------------
Package: glibc
Issue Date: August 1, 2002
Priority: medium
Advisory ID: YDU-20020801-2
1. Topic:
Updated glibc packages are available.
2. Problem:
"The glibc package contains standard libraries which are used by
multiple programs on the system.
A buffer overflow vulnerability has been found in the way the glibc
resolver handles the resolution of network names and addresses via DNS
(as per Internet RFC 1011). Version 2.2.5 of glibc and earlier versions
are affected. A system would be vulnerable to this issue if the
"networks" database in /etc/nsswitch.conf includes the "dns" entry. By
default, [Yellow Dog] Linux ships with "networks" set to "files" and
is therefore not vulnerable to this issue. (CAN-2002-0684)"
(from Red Hat Advisory)
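A check for the condition named above (whether the "networks" database in /etc/nsswitch.conf lists "dns"), as an added example that is not part of the original advisory. The function names and sample contents are constructed for illustration; a file with no "networks:" line is reported as "absent" because the compiled-in default cannot be read from the file.

```shell
#!/bin/sh
# Added example: report whether the "networks" database in an nsswitch.conf
# file lists the "dns" service. Function names here are illustrative.

# Print every service named on any "networks:" line, one per line.
# Comments and [STATUS=action] items are dropped. Exit status 3 = no such line.
networks_sources() {
    sed -e 's/#.*//' "$1" | awk '
        { sub(/^[ \t]+/, "") }
        $0 ~ /^networks[ \t]*:/ {
            found = 1
            sub(/^[^:]*:/, "")          # drop the database name
            gsub(/\[[^]]*\]/, " ")      # drop [NOTFOUND=return]-style actions
            n = split($0, f, /[ \t]+/)
            for (i = 1; i <= n; i++) if (f[i] != "") print f[i]
        }
        END { if (!found) exit 3 }'
}

# Print one verdict: "dns" (condition from the advisory is met),
# "no-dns", or "absent" (no networks: line, so the file alone cannot tell).
check_networks_dns() {
    sources=$(networks_sources "$1") || { echo absent; return 0; }
    for s in $sources; do
        if [ "$s" = dns ]; then echo dns; return 0; fi
    done
    echo no-dns
}

# Constructed samples: the shipped setting quoted in the advisory ("files"),
# then a variant that adds dns after an action item.
demo() {
    tmp=$(mktemp) || return 1
    printf 'hosts: files dns\nnetworks: files\n' > "$tmp"
    check_networks_dns "$tmp"
    printf 'networks: files [NOTFOUND=continue] dns  # constructed\n' > "$tmp"
    check_networks_dns "$tmp"
    rm -f "$tmp"
}

# With an argument, check that file (e.g. /etc/nsswitch.conf); otherwise run the demo.
if [ "$#" -gt 0 ]; then check_networks_dns "$1"; else demo; fi
```

A "dns" verdict means the host matches the vulnerable configuration described in the advisory and should receive the updated glibc packages first.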
3. Solution:
a) Updating via apt...
We suggest that you use the apt-get program to keep your
system up-to-date. The following command(s) will retrieve
and install the fixed version of this update onto your system:
apt-get update
apt-get install glibc
b) Updating manually...
Download the updates below for your version of Yellow Dog Linux
and then run the following rpm command.
(Please use a mirror site)
rpm -Fvh [filenames]
Yellow Dog Linux 2.3
ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-2.3/
ppc/glibc-2.2.5-1.2.3a.ppc.rpm
ppc/glibc-common-2.2.5-1.2.3a.ppc.rpm
ppc/glibc-devel-2.2.5-1.2.3a.ppc.rpm
ppc/glibc-profile-2.2.5-1.2.3a.ppc.rpm
ppc/nscd-2.2.5-1.2.3a.ppc.rpm
Yellow Dog Linux 2.2
ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-2.2/
ppc/glibc-2.2.5-1.2.2a.ppc.rpm
ppc/glibc-common-2.2.5-1.2.2a.ppc.rpm
ppc/glibc-devel-2.2.5-1.2.2a.ppc.rpm
ppc/glibc-profile-2.2.5-1.2.2a.ppc.rpm
ppc/nscd-2.2.5-1.2.2a.ppc.rpm
4. Verification
MD5 checksum Package
-------------------------------- ----------------------------
[Yellow Dog Linux 2.3]
e75df29971655f990a6a5b9a98924f37 ppc/glibc-2.2.5-1.2.3a.ppc.rpm
a9bc63468bd7c91fae2321c99c2c5a4a ppc/glibc-common-2.2.5-1.2.3a.ppc.rpm
fdfe07b747a5745ea17a68ac3a02703f ppc/glibc-devel-2.2.5-1.2.3a.ppc.rpm
d4231fe4c2f3e35ddfc0be090d6fd042 ppc/glibc-profile-2.2.5-1.2.3a.ppc.rpm
3e8ef6492b919a7312aa2159e72e4893 ppc/nscd-2.2.5-1.2.3a.ppc.rpm
86079e5b9e2c110e73f5f08c0c8079f5 SRPMS/glibc-2.2.5-1.2.3a.src.rpm
[Yellow Dog Linux 2.2]
5a9e8dfcfa6a076d7eababf41ace3c38 ppc/glibc-2.2.5-1.2.2a.ppc.rpm
e4da9a723e183a2c4622bafbbe1ce8ad ppc/glibc-common-2.2.5-1.2.2a.ppc.rpm
e4de3964877bb9a10a70007d1052bacc ppc/glibc-devel-2.2.5-1.2.2a.ppc.rpm
03e9e72db5d632a07aabcc48240bc918 ppc/glibc-profile-2.2.5-1.2.2a.ppc.rpm
1696491d9b6470f088b54e0b30bbb020 ppc/nscd-2.2.5-1.2.2a.ppc.rpm
188ba4de2de082a64669b798cd83addd SRPMS/glibc-2.2.5-1.2.2a.src.rpm
If you wish to verify that each package has not been corrupted or tampered with,
examine the md5sum with the following command: rpm --checksig --nogpg filename
5. Misc.
Terra Soft has set up a moderated mailing list where these security, bugfix, and package
enhancement announcements will be posted. See http://lists.yellowdoglinux.com/ for more
information.
For information regarding the usage of apt-get, see:
http://www.yellowdoglinux.com/support/solutions/ydl_general/apt-get.shtml